Above and Beyond

How does risk identification and mitigation affect the auditing function?

by Janet Bautista Smith

The auditing-beyond-compliance model offers a strategy for assessing and measuring risk. A traditional audit may not detect risk because it primarily focuses on compliance, and it typically is not designed to measure variables outside compliance. This is a missed opportunity to optimize the audit function’s visibility as a continuous improvement tool.

What is risk?

Risk affects a stakeholder’s satisfaction to varying degrees. Risks sometimes are hidden and difficult to detect. In some cases, the severity of a risk can be assessed by measuring the negative effects of the risk.

So how does auditing beyond compliance help evaluate the effectiveness of a risk reduction program? The following case study shows the steps.

Medical device sealing

Step one—Identify the process to be audited: a pouch sealing process for medical device sterilization.

Step two—Define the audit scope.

  • Pouch sealing process versus requirements.
  • Assessment of risk reduction controls.

Step three—Identify the inputs that affect the output during the planning stage. Pre-audit research of the process success factors can be performed by:

  • Interviewing the process owner or conducting a brief survey on the input/output of the process.
  • Reviewing associated issues and documents.

Figure 1

Any information gathered during the pre-audit research can be used to create a flowchart similar to Figure 1. The input/output can be determined by asking:

  • What is the desired output of the pouch sealing process? The desired output is repeatable seal integrity within the seal specifications.
  • What are the variables affecting the desired output? Typical process variables are the 6Ms: manpower, material, method, measurement involved in the process, machine and Mother Nature (work environment). Online Table 1 shows how the 6Ms affect output.

Online Table 1

This short case study shows the simple steps to identifying the potential risks and measurements that are verifiable during an audit.

Auditing beyond compliance captures improvement opportunities and waste, and enhances the added-value visibility of the auditing function outside of compliance verification. The auditing beyond compliance model is a tool that can help you effectively audit risk reduction programs to ensure continuous alignment between process controls and metrics.

Janet Bautista Smith is the director of quality and continuous improvement at ProTrans International in Indianapolis. She holds a bachelor’s degree in chemical engineering from the University of Santo Tomas in Manila, Philippines. A senior member of ASQ, Bautista Smith is an ASQ-certified Six Sigma Black Belt, quality engineer, quality auditor and certified manager of quality/organizational excellence. Bautista Smith is the author of Auditing Beyond Compliance (ASQ Quality Press, 2012) and The Art of Integrating Strategic Planning, Process Metrics, Risk Mitigation, and Auditing (ASQ Quality Press, 2015).

The online table filled in the voids that the article hinted at. We will be using this information in future audits and QMS updates.
--John Germain, 09-12-2017

I find the potential risks and measurements matrix (input, requirements for the input, etc.) very useful for auditing beyond compliance.

--Aylin N. M., 09-03-2017
